Identity and Access Management
Supports the integration of various authentication protocols, including LDAP, SAML, OAuth, Azure AD, EU Login, Citizen Card, and more. This allows organisations to authenticate both users and services in a secure and flexible manner, ensuring that only authorised individuals and systems can access sensitive information.
Integrate authentication
Integrate authentication in RODA and other associated components with your own institution's user management systems. The Identity and Access Management component will present a login page that checks users' credentials and roles against the systems managed by your institution, supporting many protocols: LDAP, Database, SSL certificate, Integrated Windows Authentication, MongoDB, etc. You can also mix several methods and create custom integrations.
Delegate to external Identity Providers
Integrate authentication in RODA with the login platform provided by your own institution or by external services. The Identity and Access Management component will redirect the user to an external login page that redirects back to RODA when login is completed. Before redirecting to RODA, the user's roles and attributes can be checked to ensure the user has permission to access the RODA service. The Identity and Access Management component supports many protocols, including ADFS, Azure AD, SAML2, OAuth2 and OpenID Connect, and many identity providers, including Facebook, Twitter, GitHub, Google, Apple, LinkedIn, etc.
EU Login, eID and Governmental login platforms
Integrate RODA authentication with governmental login platforms, such as the European Commission's user authentication service (EU Login), European national electronic identification schemes (eID), and country-specific identification schemes such as the Portuguese Autenticação.Gov.
Passwordless authentication
Passwordless authentication is a login option where the user identifies themselves on the login page but does not input a secret. Instead, a one-time login link is sent to a messaging platform (email or SMS) using information already submitted and verified during the user registration process (the email address or the mobile number). This method can be disallowed for certain users based on their attributes and the roles they hold in the system. Usually, users with higher permissions and roles are disallowed from this login method.
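The following is an added illustration of the one-time login link flow described above; it is not RODA's code and does not reflect how the Identity and Access Management component is implemented. It assumes a hypothetical `PasswordlessService` with an in-memory outbox standing in for the email or SMS channel, a constructed role policy (`PASSWORDLESS_DENIED_ROLES`) that blocks privileged roles from this method, and the usual defensive properties of such links: the token is random, only its hash is stored, it expires, and it can be redeemed exactly once.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Constructed policy: roles that must not use passwordless login (hypothetical names).
PASSWORDLESS_DENIED_ROLES = {"admin", "repository_manager"}

# Hypothetical base URL for the login link.
LOGIN_LINK_BASE = "https://roda.example.org/login/link?token="


@dataclass
class User:
    username: str
    email: str
    roles: set


@dataclass
class PendingLink:
    username: str
    expires_at: float
    used: bool = False


class PasswordlessService:
    """Issues and redeems one-time login links (constructed example)."""

    def __init__(self, users, ttl_seconds=600, clock=time.time):
        self.users = {u.username: u for u in users}
        self.ttl = ttl_seconds
        self.clock = clock            # injectable clock so expiry can be tested
        self.pending = {}             # sha256(token) -> PendingLink
        self.outbox = []              # (email, link) pairs the mailer would deliver

    @staticmethod
    def _hash(token: str) -> str:
        # Store only a hash: a leaked pending-link table cannot be replayed.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def allowed(self, user: User) -> bool:
        return not (user.roles & PASSWORDLESS_DENIED_ROLES)

    def request_link(self, username: str) -> None:
        """Send a link if the account exists and its roles permit this method.

        Returns nothing in every case so the caller's response does not reveal
        whether the account exists or which roles it has.
        """
        user = self.users.get(username)
        if user is None or not self.allowed(user):
            return
        token = secrets.token_urlsafe(32)               # 256 bits of randomness
        self.pending[self._hash(token)] = PendingLink(
            username=user.username, expires_at=self.clock() + self.ttl
        )
        # Deliver to the verified address from registration, never to user input.
        self.outbox.append((user.email, LOGIN_LINK_BASE + token))

    def redeem(self, token: str):
        """Return the username for a valid, unexpired, unused link, else None."""
        link = self.pending.get(self._hash(token))
        if link is None or link.used or self.clock() > link.expires_at:
            return None
        link.used = True                                # single use
        return link.username


if __name__ == "__main__":
    svc = PasswordlessService([User("alice", "alice@example.org", {"reader"})])
    svc.request_link("alice")
    _, link = svc.outbox[0]
    print("link redeemed for:", svc.redeem(link.split("token=", 1)[1]))
```

The two checks worth noting are the silent refusal for denied roles (the privileged account simply never receives a link) and the `used` flag, which makes a captured link worthless after the legitimate redemption.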
Multi-factor authentication
Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. Usually, smartphone apps are used to create temporary tokens to access the applications, like Google Authenticator, Microsoft Authenticator, Authy and others. Hardware security keys, like YubiKeys and other FIDO2 or FIDO U2F compatible security keys, are also supported for an additional level of protection.
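As an added example of the "temporary tokens" that authenticator apps produce, here is a standard-library implementation of HOTP (RFC 4226) and TOTP (RFC 6238) with a server-side verifier. It is not RODA's code; the `TotpVerifier` class, its one-step clock-drift window and its replay check are this example's own design. The RFC's published test secret is used as constructed input.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226), SHA-1 as used by common apps."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    return hotp(secret, int(unix_time // step), digits)


class TotpVerifier:
    """Verifies submitted codes, tolerating small clock drift and rejecting replays.

    Hypothetical design: `window` is how many steps either side of "now" are
    accepted; the last accepted counter is remembered per user so the same code
    (or an older one) cannot be submitted twice.
    """

    def __init__(self, step: int = 30, digits: int = 6, window: int = 1):
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = {}                      # username -> last accepted counter

    def verify(self, username: str, secret: bytes, submitted: str, unix_time: float) -> bool:
        if len(submitted) != self.digits or not submitted.isdigit():
            return False
        current = int(unix_time // self.step)
        for counter in range(current - self.window, current + self.window + 1):
            # Refuse anything at or before the last accepted step: replay protection.
            if counter <= self.last_counter.get(username, -1):
                continue
            if hmac.compare_digest(hotp(secret, counter, self.digits), submitted):
                self.last_counter[username] = counter
                return True
        return False


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"            # RFC 4226/6238 test secret
    print("TOTP at t=59:", totp(rfc_secret, 59))    # RFC 6238 vector: 287082
```

The `compare_digest` call keeps the comparison constant-time, and remembering the last accepted counter is what turns a 30-second window into a true one-time code; without it, a code observed over the shoulder remains valid for the rest of its step.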
Terms of use and user consent
To comply with privacy regulations such as GDPR, the Identity and Access Management component can be configured so that the user is presented with the Terms of Use or EULA and required to accept the usage policy before moving on to the application.
The system also provides the ability to enforce informed user consent regarding the user information being provided to the application. This means that, prior to accessing the RODA archive, the user is presented with all the user information that is being provided to the application, with options to either proceed or deny access to that information. User consent can be recorded, signed and encrypted.